Previous Topic: Actions for Preventative Identity Policy Violations

Next Topic: Important Notes about Preventative Identity Policies


How Preventative Identity Policies Work

The following sample process illustrates how preventative identity policies work:

  1. An identity policy administrator creates a preventative identity policy that prohibits users who have the title Senior Accountant from being in the IT department.

    When defining this identity policy, the administrator specifies that CA IdentityMinder should reject any changes that violate this policy.

  2. An HR administrator uses the Create User task to create a user profile for a new Senior Accountant. The HR administrator correctly selects the user's title, but accidentally selects the IT department.
  3. The HR administrator completes the remaining fields in the Create User task and clicks Submit.
  4. CA IdentityMinder detects that the task involves changes that are defined in an identity policy and evaluates the changes for violations.
  5. CA IdentityMinder detects the violation, displays a message to the HR administrator, and prevents the task from submitting.

    CA IdentityMinder also records the message in the audit database.

  6. The HR administrator views the details of the violation in the message and changes the user's department to Finance. Then, the administrator resubmits the task.
  7. CA IdentityMinder evaluates the proposed changes against all applicable identity policies, and then allows the Create User task to submit.